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Question: 280 
Which are key devices in the SAFE SMR midsize network design midsize network campus 
module? Choose three. 


A. firewalls 

B. NIDS host 

C. Layer 3 switches 
D. VPN Concentrator 
E. Corporate servers 
F. WAN router 


Answer: B, C, E 


Question: 281 
What are the three modules in the SAFE SMR midsize network design? Choose three. 


A. frame/ATM module 

B. Campus module 

C. ISP edge module 

D. Corporate Internet module 
E. WAN module 

F. PSTN module 


Answer: B, D, E 


Question: 282 
What is the primary method of mitigating port redirection attacks? 


A. Keep firewalls up to date with the latest patches and fixes 

B. Do not allow trust models 

C. Keep OS and applications up to date with the latest patches and fixes 
D. Use proper trust models 


Answer: D 
Question: 283 


What are three of the key devices in the SAFE SMR small network campus module? Choose 
three. 


A. Layer 2 switches 
B. IOS firewall 

C. user workstations 
D. PIX firewall 

E. corporate servers 
F. NIDS 


Answer: A, C, E 


Question: 284 
As an alternative design in the SAFE SMR small network campus module, a small filtering router 
can be placed between the rest of the network and which devices? 


A. Layer 2 switches 

B. Management stations 
C. Corporate users 

D. Routers 


Answer: B 


Question: 285 
Which of the following is not a critical element of Cisco Self Defending Network strategy? 


A. SAFE 

B. Threat defense system 

C. Secure connectivity 

D. Trust and identity management 


Answer: A 


Question: 286 
An administrator claims he is receiving too many false positives on his IDS system. What is he 
referencing? 


A. Alarms detected and logged by IDS 

B. Alarms detected by IDS and not acted upon 

C. Alarms caused by illegitimate traffic or activities 
D. Alarms caused by legitimate traffic or activities 


Answer: D 


Question: 287 
What two modules are in the SAFE SMR small network design? Choose two. 


A. Edge 

B. Internet 

C. Corporate Internet 
D. Campus 


Answer: C, D 
Question: 288 112 


The ip verify reverse-path command implements which of the following on the PIX Firewall? 
Choose two. 


A. Performs a route lookup based on the source address 

B. Performs a route lookup based on the destination address 

C. Provides session state information based on source address 

D. Provides session state information based on destination address 
E. Provides ingress filtering 


Answer: A, E 


Question: 289 
Which routing protocol does not support the use of MD5 authentication? 


A. BGP 
B. IGRP 
C. EIGRP 
D. OSPF 
E. IS-IS 


Answer: B 


Question: 290 
How are trust exploitation attacks mitigated in the SAFE SMR midize network design corporate 
Internet module? 


A. OS and IDS detection 

B. Restrictive filtering and host IDS 

C. Restrictive trust model and private VLANs 

D. IDS at the host and network levels 

E. Filtering at the ISP, edge router, and corporate firewall 


Answer: C 


Question: 291 
Which techniques does SAFE recommend to mitigate MAC spoofing attacks? (Select two.) 


A. Use port security. 

B. Implement IP Source Guard feature. 

C. Set all user ports to nontrunking mode. 

D. Implement BPDU guard enhancement command. 
E. Implement authentication for DHCP messages. 
F. Use DHCP snooping along with DAI. 


Answer: A, F 


Question: 292 
What is a feature of SIP? 


A. SIP is a transport-layer control protocol that uses IP addresses for transporting multimedia 
traffic and call management. 
B. SIP is a session-layer control protocol that uses SIP addresses for signal and session 


management. 
C. SIP is an application-layer control protocol that uses SIP addresses for signal and session 
management. 113 


D. SIP is a session-layer control protocol that uses IP addresses for transporting multimedia 
traffic and session management. 


Answer: C 


Question: 293 
Which are the attack mitigation roles for the VPN Concentrator in the SAFE standard VPN WLAN 
design? Choose three. 


A. authenticate remote users 
B. two-factor authentication 
C. terminate IPsec 

D. RFC 2827 filtering 

E. DHCP relay 

F. VPN client auto-initiate 


Answer: A, C, E 


Question: 294 
Which is a design alternative in the SAFE SMR midsize network design campus module? 


A. A NIDS appliance can be placed in front of the firewall. 

B. The end-user workstations can be connected directly to the core switch. 

C. The router between the firewall and the campus module can be eliminated. 

D. A URL filtering server can be placed on the public services segment to filter the types of Web 
pages employees can access. 


Answer: B 


Question: 295 
According to the SAFE Layer 2 security white paper, which is not a threat to switches? 


A. CAM table overflow 

B. DHCP starvation 

C. IP address spoofing 

D. VLAN hopping 

E. Spanning-Tree Protocol manipulation 


Answer: C 


Question: 296 
According to SAFE worm mitigation, which of the following statements are true about worms and 
viruses? (Select three.) 


A. Worms are self-contained programs that attack a system and try to exploit vulnerability in the 
target. 

. Viruses require human interaction to facilitate the spread. 

. Worms normally require a vector to carry the code from one system to another. 

. Viruses normally require a vector to carry the code from one system to another. 

. Worms require human interaction to facilitate the spread. 

. Viruses are self-contained programs that attack a system and try to exploit vulnerability in the 
target. 


=m om 


Answer: A, B, D 
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